Yazılar

Claim That Any Phone Can Be Tracked via Google Maps by Email Is False

/in /tarafından

A viral claim suggesting that anyone can locate a mobile phone simply by emailing Google and using a phone number is inaccurate and misleading, cybersecurity experts say.

Posts circulating online allege that sending an email through Gmail to a specific address can trigger Google Maps to reveal a device’s location, even without internet access. Google does not offer any such service, and there is no official mechanism that allows location tracking of a phone solely via an email request or partial phone number.

Legitimate phone-tracking tools require explicit user consent and account access, such as Google’s “Find My Device” for Android or Apple’s “Find My” for iPhone. These services work only when users are logged in and have location sharing enabled.

Security specialists warn that messages promoting email-based tracking may be linked to scams or data-harvesting attempts. Users who follow such instructions could expose personal information without gaining any real tracking capability.

Authorities and privacy advocates stress that tracking a phone without permission is illegal in many countries. Users are advised to rely only on official tools provided by device makers and to report misleading claims that promise effortless or universal phone tracking.

More Than 56,000 WhatsApp Accounts Exposed by Malicious npm Package

/in /tarafından

A malicious package hosted on Node Package Manager (npm) has compromised more than 56,000 downloads by posing as a legitimate WhatsApp Web API library, allowing attackers to secretly access messages, media files, contacts and session credentials.

The package, identified by cybersecurity firm Koi Security, was published under the name lotusbail and masqueraded as a fork of the popular WhatsApp Web automation library WhiskeySockets Baileys, commonly used by developers to build bots.

According to researchers, the malware intercepts all incoming and outgoing messages by hijacking the legitimate WebSocket connection used by WhatsApp Web. It silently copies authentication tokens and session keys, while normal app functionality continues, making the attack difficult to detect.

Stolen data is encrypted using a custom RSA implementation before being exfiltrated, helping the malware evade network monitoring tools. The package also includes functionality to secretly link an attacker’s device to a victim’s WhatsApp account, granting persistent access to conversations.

Security experts warn that uninstalling the npm package removes the malicious code but does not automatically unlink the attacker’s device. Users are advised to manually review and remove unknown linked devices in WhatsApp’s settings to fully secure their accounts.

FBI Issues Urgent Warning for All Gmail Users Over New Cookie-Based Hack

/in /tarafından

The FBI has issued an urgent warning for Gmail users worldwide after detecting a new wave of cyberattacks exploiting a session cookie vulnerability that allows hackers to bypass two-factor authentication and gain full access to victims’ accounts.

With over 1.8 billion users globally, Gmail is one of the most popular email platforms — and also one of the most targeted by cybercriminals. According to the FBI, attackers are using sophisticated techniques to steal login cookies from infected devices, granting them access not just to Gmail accounts, but also to connected services like social media, online banking, and cloud storage.

The attack begins when victims unknowingly click malicious links or visit fake websites, downloading malware that silently extracts session cookies — files that store login information so users don’t have to re-enter passwords. Once stolen, these cookies allow hackers to impersonate users and access their accounts without needing credentials or authentication codes.

The FBI warns that this technique effectively neutralizes two-factor authentication, long considered one of the strongest security measures against account hijacking.

To protect users, the agency recommends:

  • Regularly deleting browser cookies.

  • Avoiding the “Remember this device” option when logging in.

  • Only visiting secure websites that use HTTPS.

  • Frequently checking account login history for suspicious activity.

Google has acknowledged that cookie theft affects users across the web and said it is developing new security measures to mitigate the threat, describing the attacks as part of a growing, lucrative cybercrime trend.